Hackers Steal $53 Million Worth of Cryptocurrency From CoinEx

Global cryptocurrency exchange CoinEX announced that someone hacked its hot wallets and stole large amounts of digital assets that were used to support the platform's operations. BleepingComputer reports: The incident occurred on September 12 and preliminary results of the investigation show that the unauthorized transactions involved Ethereum ($ETH), Tron ($TRON), and Polygon ($MATIC) cryptocurrency. CoinEx has not provided any info about the financial impact incurred, as the investigation has yet to determine the complete losses.

However, a report from blockchain security firm PeckShield says that the attack drained CoinEx of about $19 million in $ETH, $11 million in $TRON, $6.4 million in Smart Chain Coin ($BSC), $6 million in Bitcoin (BTC), and approximately $295,000 in (MATIC). According to PeckShield, the loss from this attack amounts to about $43 million, while the remaining $72 million kept on the same stash has been transferred to better-protected cold wallets.

A more recent estimation on the CoinEx losses coming from CertiK Alert raises the figure to $53 million, analyzed as seen in this document. User assets have not been impacted by the incident, CoinEx said, and assuring that any parties suffering loss will receive full compensation. At the time of writing, all deposit and withdrawal services on CoinEx have been suspended to protect user assets and will only resume after the exchange's IT team makes sure that all risk has been eliminated.

Lost all my money with ugly monkey NFTs

[thesjaakspoiler]

So what's the difference between getting all your money stolen or getting scammed with the ownership of a QR code that links to a picture you don't even own?

Re: Lost all my money with ugly monkey NFTs

[javaman235]

Seriously, it is like living in this video game. No one, no one on Slashdot can take one weekend in the woods, a bottle of wine, and some whiskey, turn off the BS, the media noise, set up your tent, light your fire, roast your whatever, sit in the lotus position and THINK about this and the rest?

Re:

[Opportunist]

I could. But why the hell would I? I am pretty sure someone did it before, wrote a report about it and if I needed that information I could google it.

Re: Lost all my money with ugly monkey NFTs

[javaman235]

Because the world doesnt need to be this dumb friend.

Re: Lost all my money with ugly monkey NFTs

[javaman235]

If people cultivated wisdom, and asked if there were things they may not be able to Googleâ¦

Me: ChatGPT, What fine things did Solomon say wisdom was like?

Chatterbot:

King Solomon, traditionally attributed to writing several books in the Bible, also used vivid metaphors and comparisons to describe the virtues of wisdom. Here are some of the fine things Solomon said wisdom was like:

A Crown of Splendor: In the Book of Proverbs, Solomon writes, "Wisdom is a crown of splendor, it is attained by a righte

Re:

[Opportunist]

But you have to admit, it's heaps more fun that way. I mean, what would the world be like without the likes of Florida Man?

Where is the HSM?

[ctilsie242]

Shouldn't cryptocurrency exchanges use something like a HSM, similar to what people use for root certificates or signing code? A HSM ensures the private key isn't going anywhere, and can require things like "m of n" users signing before a key is able to be used, or a simple two man policy, ensuring that there have to be two people present at a terminal for this transaction to be okayed onto the blockchain?

All this money, and there are zero rating services. If I wanted to stash $100,000 in a safe and have

Re:

[iAmWaySmarterThanYou]

It's not a hack. It's a rug pull.

Flat out theft.

Nothing will happen to the thieves running this place, as usual.

And less than 24 hours ago someone here was going back n forth with me at length claiming crypto was safer than real money.

Re:

[khchung]

And less than 24 hours ago someone here was going back n forth with me at length claiming crypto was safer than real money.

Crypto is definitely safer to steal than real money! LOL.

Re:

[geekmux]

All this money, and there are zero rating services.

Exactly zero rating services on Wall Street, prevented 2008.

All that history, and there are zero reasons we won't repeat it.

Re: Where is the HSM?

[dpille]

I think you misremember 2008. If you'll recall, several rating agencies were intimately involved in (inaccurately) rating the default risk of the mortgages underlying the various financial vehicles. And that part of what brought it all down were other rating agencies pointing out the inaccuracy and some of those first agencies refusing to continue to paint such a rosy picture going forward.

Or do you think people just grab a tranche and say "tah dah"?

Re:

[geekmux]

I think you misremember 2008. If you'll recall, several rating agencies were intimately involved in (inaccurately) rating the default risk of the mortgages underlying the various financial vehicles.

Correct. And that ratings collusion that happened tied to the main financial vehicle that brought the whole damn thing down (a CDO), was the primary driver for the collapse.

And that part of what brought it all down were other rating agencies pointing out the inaccuracy and some of those first agencies refusing to continue to paint such a rosy picture going forward.

The 2011 Financial Crisis Commission concluded that the ratings agencies were “key enablers of the financial meltdown” so, not sure it really mattered much if a moral compass or two might have finally swung around once enough bullshit was stuck to the fan in an ass-saving measure in the end.

Or do you think people just grab a tranche and say "tah dah"?

I'd say the "tah dah" part was wat

Re: Where is the HSM?

[vxir]

There are extremely sophisticated restrictions, including multisig, delayed release, xfer only to another specific account, etc for cryptocurrency. The problem is getting people to use them, and also exchanges need some working capital (but 50m seems really high), that needs to be programatically accessible.

How would an HSM even help?

[FeelGood314]

It's a hot wallet. That means the private key to do transactions is in constant AUTOMATED use. Even if there was an HSM securing the private key, since the transactions are automated, the HSM would have to be on the network and be able to receive commands to sign with the private keys. So How could an HSM ever have helped in this case?

Oh really?

[quonset]

after the exchange's IT team makes sure that all risk has been eliminated.

And how will they do that? Disconnect all the machines from the network, put them in a concrete room and not turn them on?

Re:

[rgmoore]

And how will they do that?

They'll finish stealing everything. Once there's nothing left to steal, it will be completely safe to go back online.

They stole it themselves or they are incompetent

[gweihir]

Maybe both. When was the last time anybody hacked a bank and got away with a comparable amount of money? And how many banks are there in the world compared to crapcoin exchanges?

Re:

[Opportunist]

Hacking a bank at this level is pretty much impossible. There are a lot of security checks thrown in between every transaction for various reasons. Most of them are legally mandated because, ya know, we don't like money laundering and fraud.

Wonder if we'll get anything comparable ever for shitcoins.

Re:

[gweihir]

Banks are required by law everywhere to report it to the regulator. As in "fail to report, go to prison". And that applies already to mere breaches where nothing was stolen. Also, the books will not balance in a bank is something was stolen and banks are audited constantly and very carefully, because otherwise they could start secretly creating money. The "bozo" here is you.

Not the first time

[Kremmy]

This wasn't the first time an exchange called CoinEx turned into an exit scam. Happened a decade ago, too.

Not Really

[sudonim2]

Crypto markets simply don't have the liquidity implied by such headlines. Such valuations are usually generated by a form of pump & dump. You trade a small amount and established coin with some commonly accepted value for your newly minted shitcoin. This supposedly gives the rest of the shitcoin the same value as what you sold the original for. You then sell a large chunk of your shitcoin on exchanges to other people trying to play a greater fool scam. At no point did the shitcoin have any real value or even liquidity outside of the con artist circle-jerks that are crypto exchanges. So someone comes along and exploits one of the many known bugs in the code you copy & pasted to create your shitcoin. They steal a large chunk of the currently circulating coins. This marks the end of the greater fool scam and everyone unloads all of the shitcoin they're currently holding at whatever value anyone will buy it at. As there was never any real value in the currency, there is no actual floor to this, so the coin rapidly goes to $0 valuation, or near to it. This means the hackers ultimately make off with a tiny fraction of the supposed valuation of the coins. It wouldn't surprise me if the hackers didn't even manage to get $53,000 of value out of their ill-gotten gains.

I used to wear a PeckShield

[jddj]

...only we called it a cup.

But they said crypto was secure....lolol

[bsdetector101]

But they said crypto was secure....when it first started, better, safer than banks !!! Enuf said ! lolololol

Bank Robbers work from home now too

[HalAtWork]

Isn't it nice that even thieves and money launderers can get a work from home program? Truly equal opportunity thanks to digital currencies!